From afe4c32f3177eca641f45ee04f6a1e1804df75f2 Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Sun, 18 Feb 2024 11:26:33 +0200
Subject: [PATCH] Qualys_Add_New_Commands (#31917) (#32972)
* Qualys_Add_New_Commands
* Qualys_Add_New_Commands
* update Qualysv2.py
* update Qualysv2.yml
* update README.md
* update RN
* fix commands
* update yml
* update descriptions
* update README.md
* update RN
* update docker
* pre commit
* doc review
---------
Co-authored-by: DaniSalcedoGFT <153612119+DaniSalcedoGFT@users.noreply.github.com>
Co-authored-by: adi88d
Co-authored-by: Adi Daud <46249224+adi88d@users.noreply.github.com>
---
.../qualys/Integrations/Qualysv2/Qualysv2.py | 98 +++++++++++
.../qualys/Integrations/Qualysv2/Qualysv2.yml | 44 ++++-
.../Integrations/Qualysv2/Qualysv2_test.py | 1 -
Packs/qualys/Integrations/Qualysv2/README.md | 152 ++++++++++++++++++
Packs/qualys/ReleaseNotes/2_0_11.md | 11 ++
Packs/qualys/pack_metadata.json | 2 +-
6 files changed, 305 insertions(+), 3 deletions(-)
create mode 100644 Packs/qualys/ReleaseNotes/2_0_11.md
diff --git a/Packs/qualys/Integrations/Qualysv2/Qualysv2.py b/Packs/qualys/Integrations/Qualysv2/Qualysv2.py
index db391a9c9d38..b3e6c577efcb 100644
--- a/Packs/qualys/Integrations/Qualysv2/Qualysv2.py
+++ b/Packs/qualys/Integrations/Qualysv2/Qualysv2.py
@@ -323,6 +323,23 @@ "human_readable_massage": "Asset tag deleted.", "json_path": ["ServiceResponse", "data", "Tag"], }, + "qualys-update-vmware-record": { + "json_path": ["BATCH_RETURN", "RESPONSE", "BATCH_LIST", "BATCH"], + }, + "qualys-update-vcenter-record": { + "json_path": ["BATCH_RETURN", "RESPONSE", "BATCH_LIST", "BATCH"], + }, + "qualys-vcenter-esxi-mapped-record-list": { + "collection_name": "VCENTER_ESXI_MAP", + "table_name": "Vcenter ESXI IP List", + "json_path": ["VCENTER_ESXI_MAP_LIST_OUTPUT", "RESPONSE", "VCENTER_ESXI_MAP_LIST", "VCENTER_ESXI_MAP"], + }, + "qualys-vcenter-esxi-mapped-record-import": { + "json_path": ["SIMPLE_RETURN", "RESPONSE"], + }, + "qualys-vcenter-esxi-mapped-record-purge": { + "json_path": ["SIMPLE_RETURN", "RESPONSE"], + }, } # Context prefix and key for each command @@ -525,6 +542,26 @@ "context_prefix": "", "context_key": "", }, + "qualys-update-vmware-record": { + "context_prefix": "", + "context_key": "", + }, + "qualys-update-vcenter-record": { + "context_prefix": "", + "context_key": "", + }, + "qualys-vcenter-esxi-mapped-record-list": { + "context_prefix": "Qualys.VcenterToEsxi", + "context_key": "VCENTER_IP", + }, + "qualys-vcenter-esxi-mapped-record-import": { + "context_prefix": "", + "context_key": "", + }, + "qualys-vcenter-esxi-mapped-record-purge": { + "context_prefix": "", + "context_key": "", + }, } # Information about the API request of the commands 
@@ -774,6 +811,31 @@ "call_method": "GET", "resp_type": "text", }, + "qualys-update-vmware-record": { + "api_route": API_SUFFIX + "auth/vmware/?action=update", + "call_method": "POST", + "resp_type": "text", + }, + "qualys-update-vcenter-record": { + "api_route": API_SUFFIX + "auth/vcenter/?action=update", + "call_method": "POST", + "resp_type": "text", + }, + "qualys-vcenter-esxi-mapped-record-list": { + "api_route": API_SUFFIX + "auth/vcenter/vcenter_mapping/?action=list&output_format=xml", + "call_method": "POST", + "resp_type": "text", + }, + "qualys-vcenter-esxi-mapped-record-import": { + "api_route": API_SUFFIX + "auth/vcenter/vcenter_mapping/?action=import", + "call_method": "POST", + "resp_type": "text", + }, + "qualys-vcenter-esxi-mapped-record-purge": { + "api_route": API_SUFFIX + "auth/vcenter/vcenter_mapping/?action=purge", + "call_method": "POST", + "resp_type": "text" + }, } # Information about the API tag asset request of the commands @@ -1266,6 +1328,22 @@ "qualys-update-unix-record": { "args": ["ids", "add_ips"], }, + "qualys-update-vmware-record": { + "args": ["ids", "add_ips"], + }, + "qualys-update-vcenter-record": { + "args": ["ids", "add_ips"], + }, + "qualys-vcenter-esxi-mapped-record-list": { + "args": [], + "inner_args": ["limit"], + }, + "qualys-vcenter-esxi-mapped-record-import": { + "args": ["csv_data"], + }, + "qualys-vcenter-esxi-mapped-record-purge": { + "args": ["csv_data"], + }, "qualys-asset-group-add": { "args": [ "title", 
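Review bot: In the args table hunk (`@@ -1266`), `csv_data` is registered as a plain entry in `"args"` for both `qualys-vcenter-esxi-mapped-record-import` and `qualys-vcenter-esxi-mapped-record-purge`, the same way short values such as `ids` are. The code that turns `args` into the request is outside this diff; if it places them in the query string of the POST, multi-line CSV holding vCenter and ESXi addresses would end up in the URL, where it is subject to length limits and is written to proxy and access logs. It is worth confirming that `csv_data` is sent in the request body, and recording that next to the entry with a comment such as `# csv_data: sent as POST body, not as a URL parameter`. The enclosing dict starts and ends outside the hunk.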
@@ -2807,6 +2885,26 @@ def main(): # pragma: no cover "result_handler": handle_asset_tag_result, "output_builder": build_tag_asset_output, }, + "qualys-update-vmware-record": { + "result_handler": handle_asset_tag_result, + "output_builder": build_single_text_output, + }, + "qualys-update-vcenter-record": { + "result_handler": handle_asset_tag_result, + "output_builder": build_single_text_output, + }, + "qualys-vcenter-esxi-mapped-record-list": { + "result_handler": handle_general_result, + "output_builder": build_unparsed_output, + }, + "qualys-vcenter-esxi-mapped-record-import": { + "result_handler": handle_asset_tag_result, + "output_builder": build_single_text_output, + }, + "qualys-vcenter-esxi-mapped-record-purge": { + "result_handler": handle_asset_tag_result, + "output_builder": build_single_text_output, + }, } requested_command = demisto.command() diff --git a/Packs/qualys/Integrations/Qualysv2/Qualysv2.yml b/Packs/qualys/Integrations/Qualysv2/Qualysv2.yml index 7eebc928a77b..06d8f56edbe3 100644 --- a/Packs/qualys/Integrations/Qualysv2/Qualysv2.yml +++ b/Packs/qualys/Integrations/Qualysv2/Qualysv2.yml 
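Review bot: The four state-changing commands added to the dispatch table in `main()` reuse `handle_asset_tag_result`, although their parse entries expect XML (`BATCH_RETURN` / `SIMPLE_RETURN`) and their requests are declared with `"resp_type": "text"`. The handler's body is not part of this diff, so it should be confirmed that it raises on a Qualys error response instead of handing it to `build_single_text_output`; otherwise a failed purge or import could be shown to the analyst as an ordinary result. The diffstat lists only one deleted line in Qualysv2_test.py, so none of the five commands has a unit test, and a test that feeds each one an error `SIMPLE_RETURN` body would pin this behaviour down. `main()` continues outside the hunk.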
@@ -2718,7 +2718,49 @@ script: - contextPath: Qualys.Purge.ID description: IDs of the hosts queued for purging. description: Purge hosts in your account to remove the assessment data associated with them. - dockerimage: demisto/python3:3.10.13.80014 + - name: qualys-update-vmware-record + arguments: + - name: ids + required: true + description: A comma-separated list of record IDs to update. Specify record IDs and/or ID ranges. + - name: add_ips + required: true + description: A comma-separated list of IPs and/or ranges to add to the IPs list for this record. + description: Update Vmware records for authenticated scans of hosts running on Vmware. + - name: qualys-update-vcenter-record + arguments: + - name: ids + required: true + description: A comma-separated list of record IDs to update. Specify record IDs and/or ID ranges. + - name: add_ips + required: true + description: A comma-separated list of IPs and/or ranges to add to the IPs list for this record. + description: Update vCenter records for authenticated scans of hosts running on vCenter. + - name: qualys-vcenter-esxi-mapped-record-list + arguments: + - description: Specify a positive numeric value to limit the amount of results in the requested list. + name: limit + description: List VCenter ESXi mapping records. + outputs: + - contextPath: Qualys.VcenterToEsxi.ESXI_IP + description: The IP address of the ESXi server. + - contextPath: Qualys.VcenterToEsxi.MAPPING_DATA_SOURCE + description: The source of this mapping record. + - contextPath: Qualys.VcenterToEsxi.VCENTER_IP + description: The IP address of the vCenter. + - name: qualys-vcenter-esxi-mapped-record-import + description: Import vCenter - ESXi mapping records. + arguments: + - name: csv_data + description: The CSV data file containing the vCenter - ESXi mapping records that you want to import. + required: true + - name: qualys-vcenter-esxi-mapped-record-purge + description: Purge vCenter - ESXi mapping records. 
+ arguments: + - name: csv_data + description: The CSV data file containing the vCenter - ESXi mapping records that you want to purge. + required: true + dockerimage: demisto/python3:3.10.13.87159 script: '' subtype: python3 type: python diff --git a/Packs/qualys/Integrations/Qualysv2/Qualysv2_test.py b/Packs/qualys/Integrations/Qualysv2/Qualysv2_test.py index e613b4adcd3d..bdd3fb2d835c 100644 --- a/Packs/qualys/Integrations/Qualysv2/Qualysv2_test.py +++ b/Packs/qualys/Integrations/Qualysv2/Qualysv2_test.py @@ -1155,7 +1155,6 @@ def test_build_tag_asset_output(self): "modified": "2022-11-24T13:09:35Z", "ruleType": "INSTALLED_SOFTWARE", "criticalityScore": "3", - "criticalityScore": "3", "childTags": [ {"id": "1", "name": "child_1"}, {"id": "2", "name": "child_2"}, diff --git a/Packs/qualys/Integrations/Qualysv2/README.md b/Packs/qualys/Integrations/Qualysv2/README.md index 921fb7e34d06..12831fcde09b 100644 --- a/Packs/qualys/Integrations/Qualysv2/README.md +++ b/Packs/qualys/Integrations/Qualysv2/README.md 
@@ -21911,3 +21911,155 @@ There is no context output for this command. #### Human Readable Output >Asset tag deleted. + +### qualys-update-vmware-record + +*** +Update Vmware records for authenticated scans of hosts running on Vmware. + +#### Base Command + +`qualys-update-vmware-record` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| ids | A comma-separated list of record IDs to update. Specify record IDs and/or ID ranges. | Required | +| add_ips | A comma-separated list of IPs and/or ranges to add to the IPs list for this record. | Required | + +#### Context Output + +There is no context output for this command. + +#### Command Example +```!qualys-update-vmware-record ids=123 add_ips=5.2.8.9``` + +#### Human Readable Output + +>Successfully Updated + +### qualys-update-vcenter-record + +*** +Update vCenter records for authenticated scans of hosts running on vCenter. + +#### Base Command + +`qualys-update-vcenter-record` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| ids | A comma-separated list of record IDs to update. Specify record IDs and/or ID ranges. | Required | +| add_ips | A comma-separated list of IPs and/or ranges to add to the IPs list for this record. | Required | + +#### Context Output + +There is no context output for this command. + +#### Command Example +```!qualys-update-vmware-record ids=123 add_ips=5.2.8.9``` + +#### Human Readable Output + +>Successfully Updated + +### qualys-vcenter-esxi-mapped-record-list + +*** +List VCenter ESXi mapping records. + +#### Base Command + +`qualys-vcenter-esxi-mapped-record-list` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| limit | Specify a positive numeric value to limit the amount of results in the requested list. 
| Optional | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| Qualys.VcenterToEsxi.ESXI_IP | unknown | The IP address of the ESXi server. | +| Qualys.VcenterToEsxi.MAPPING_DATA_SOURCE | unknown | The source of this mapping record. | +| Qualys.VcenterToEsxi.VCENTER_IP | unknown | The IP address of the vCenter. | + +#### Command Example +```!qualys-vcenter-esxi-mapped-record-list``` + +#### Context Example +```json +{ + "Qualys": { + "VcenterToEsxi": { + "ESXI_IP": "1.1.1.1", + "MAPPING_DATA_SOURCE": "File", + "VCENTER_IP": "1.1.1.3" + } + } +} +``` + +#### Human Readable Output + +>### Vcenter ESXI IP List +>|ESXI_IP|MAPPING_DATA_SOURCE|VCENTER_IP| +>|---|---|---| +>| 1.1.1.1 | FILE | 1.1.1.3 | + +### qualys-vcenter-esxi-mapped-record-import + +*** +Import vCenter - ESXi mapping records. + +#### Base Command + +`qualys-vcenter-esxi-mapped-record-import` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| csv_data | The CSV data file containing the vCenter - ESXi mapping records that you want to import. | Required | + +#### Context Output + +There is no context output for this command. + +#### Command Example +```!qualys-vcenter-esxi-mapped-record-import csv_data=`vCenter IP,ESXi IP 1.1.1.1,1.1.1.2``` + +#### Human Readable Output + +>Successfully imported 1 record + +### qualys-vcenter-esxi-mapped-record-purge + +*** +Purge vCenter - ESXi mapping records. + +#### Base Command + +`qualys-vcenter-esxi-mapped-record-purge` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| csv_data | The CSV data file containing the vCenter - ESXi mapping records that you want to purge. | Required | + +#### Context Output + +There is no context output for this command. 
+ +#### Command Example +```!qualys-vcenter-esxi-mapped-record-purge csv_data=`vCenter IP,ESXi IP 1.1.1.1,1.1.1.2``` + +#### Human Readable Output + +>Successfully purged 1 record \ No newline at end of file diff --git a/Packs/qualys/ReleaseNotes/2_0_11.md b/Packs/qualys/ReleaseNotes/2_0_11.md new file mode 100644 index 000000000000..2f1e673b34bd --- /dev/null +++ b/Packs/qualys/ReleaseNotes/2_0_11.md @@ -0,0 +1,11 @@ + +#### Integrations + +##### Qualys v2 +- Added the following commands. + - ***qualys-update-vmware-record*** + - ***qualys-update-vcenter-record*** + - ***qualys-vcenter-esxi-mapped-record-list*** + - ***qualys-vcenter-esxi-mapped-record-import*** + - ***qualys-vcenter-esxi-mapped-record-purge*** +- Updated the Docker image to: *demisto/python3:3.10.13.87159*. \ No newline at end of file diff --git a/Packs/qualys/pack_metadata.json b/Packs/qualys/pack_metadata.json index 8c48c5abf04f..3720a9d68b7d 100644 --- a/Packs/qualys/pack_metadata.json +++ b/Packs/qualys/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Qualys", "description": "Qualys Vulnerability Management let's you create, run, fetch and manage reports, launch and manage vulnerability and compliance scans, and manage the host assets you want to scan for vulnerabilities and compliance", "support": "xsoar", - "currentVersion": "2.0.10", + "currentVersion": "2.0.11", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",